Fix potential overflow in CertificateRequest
diff --git a/ChangeLog b/ChangeLog
index 68b1255..57024a0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,12 @@
= mbed TLS 2.1.2 released 2015-10-xx
+Security
+ * Fix potential heap buffer overflow in servers that perform client
+ authentication against a crafted CA cert. Cannot be triggered remotely
+ unless you allow third parties to pick trust CAs for client auth.
+ Found by Guido Vranken.
+
Changes
* Fixed paths for check_config.h in example config files. (Found by bachp)
(#291)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index b48a609..1bda53c 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2351,6 +2351,7 @@
size_t dn_size, total_dn_size; /* excluding length bytes */
size_t ct_len, sa_len; /* including length bytes */
unsigned char *buf, *p;
+ const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
const mbedtls_x509_crt *crt;
int authmode;
@@ -2471,10 +2472,14 @@
total_dn_size = 0;
while( crt != NULL && crt->version != 0 )
{
- if( p - buf > 4096 )
- break;
-
dn_size = crt->subject_raw.len;
+
+ if( end < p || (size_t)( end - p ) < 2 + dn_size )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
+ break;
+ }
+
*p++ = (unsigned char)( dn_size >> 8 );
*p++ = (unsigned char)( dn_size );
memcpy( p, crt->subject_raw.p, dn_size );